Perfoma therapy is committed to maintaining robust privacy protections for its users. This policy outlines how Stansfield Sports Injury Clinic Ltd collects, uses, shares and safeguards information we receive from our clients and our other organisations. Where possible, we will take the necessary steps to ensure that user’s information is safeguarded and kept in accordance with applicable laws and regulations.
If you use our services, you confirm that you have the relevant authority to enter into a legal agreement with us whether as an individual or other legal entity.
Our address for services and communications is Performa Therapy 2-6 Sandy Lane, Leyland PR25 2EB. Our contact telephone number is 07515572156 and our email contact is email@example.com
What information do we collect?
Your information will be used by us to enable us to provide our services to you. We act as a Data Controller (unless only processing data under a separate agreement) and undertake to protect personal and sensitive data in a manner that is consistent with the requirements of the UK data legislation and the GDPR. We will take reasonable measures to ensure the secure storage of your data.
Information provided to us:
1. From a Data Controller
Data is only held on the grounds that we have a contractual obligation to fulfil.
We undertake to protect all personal and sensitive data that is provided to us and in a manner that is consistent with the requirements of the General Data Protection Regulation (GDPR). We will take reasonable measures to ensure the secure storage of all data, see below.
1. From clients
All data given by clients is recorded by us in accordance with the client’s preferences and as permitted under the GDPR. Data will be held on one of the following grounds; with a client’s specific consent; where data retention is necessitated by a contractual relationship; and on the grounds of being a legitimate business interest.
Contacting our clinic by telephone or email: We use the details that you give us, by email or phone, to follow up on enquiries, to assist your experience within your appointment and visit to our clinic, to ask for feedback, reviews or testimonials, to deal with complaints or other reports. The basis for holding this information is as being for legitimate legal purposes or to fulfil a contractual obligation where the contact is from an existing client.
Photos: We will ask for your express consent to post any photos of you on our website or social media and you will always be given the option to opt-out or remove any photos displayed. We will not give any further personal details alongside any photos used on our website gallery.
All supplied sensitive/credit card information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers’ database only to be accessible by those authorised with special access rights to such systems, and are required to keep the information confidential. Individual payment details are not given to us and we do not store such data on our servers or in our systems.
Phone calls: Any data relating to phone calls, to and from us, may be recorded and retained by us. The data will be held on the basis of being for our legitimate business needs or in order to fulfil our contractual obligations if you are a client of ours.
Emails: We retain copies of emails sent to us on our servers in the Cloud.
We may contact you by email to send you:
• general (non-marketing) communications on the basis on a contractual relationship with us
or where we have a legitimate business interest;
• email notifications where you have specifically consented to receive such;
Users of this website do so at their own discretion and provide any personal information at their own risk.
Information we get from other sources:
From time to time, we may need to obtain information from third parties. This will only apply where it is essential for the provision of our services and as permitted by law. Where applicable we will seek the consent of the client or organisation providing the data.
How we use personal information
Where we act as a Data Processor, we undertake the following obligations in accordance with the GDPR:
• we only act under the documented instructions of the Data Controller
• To ensure confidentiality, assist with legal compliance of the Data Controller, and respond to requests from data subjects (as instructed by the Data Controller)
• Make available all information necessary to demonstrate compliance
• To take measures to assist the Data Controller with ensuring security of processing
• To treat personal data after processing as directed by the Data Controller.
We don’t share, sell, or distribute your data to third parties.
If it is necessary to share data with a subcontractor working on our behalf, the Data Controller will be informed without delay. Any third party must adhere to all data protection laws and regulations.
We do not give them access to any of your personal data.
We may disclose personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights.
We cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. Stansfield Sports Injury Clinic and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
We keep all personal information in accordance with our Data Retention Policy which reflects our needs to provide our services to you as contracted and also to meet legal, statutory and regulatory obligations. We will only retain data that is necessary and this will include data relating to the physiotherapy that we have provided to clients. The need to hold information is regularly reviewed and information/data will be disposed of when no longer required.
All disposal is carried out securely and records will be destroyed so that they are not retrievable.
In addition, we regularly review our procedures for secure data storage to ensure that all appropriate measures are adopted. In accordance with data protection legislation, data records are stored in a locked cabinet and electronic storage is protected by a user’s password that is individual to the user.
Any information that you supply to us may be stored and processed by servers hosting our website. Data will only be transferred outside EEA countries in accordance with the relevant data protection laws.
Data Subject Rights
As a data processor we understand that we have an obligation under the GDPR to comply with our obligations to the following:
Subject Access Requests
The General Data Protection Regulation (GDPR) gives individuals (‘data subjects’), the right to access personal data that is held by organisations by a subject access request (SAR). We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information.
Right to Rectification
Data subjects have the right to request that we amend or change personal information that we, that is inaccurate or incorrect. We will act on any request without delay as instructed by you as Data Controller.
Right to erasure
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any request without delay as instructed by you as Data Controller.
Right to restrict processing
Data subjects have the right to rectification or erasure of personal data certain circumstances. We will act on any request without delay as instructed by you as Data Controller
Right to data portability
Data subjects have the right to obtain and transfer their data to different service providers. We will act on any request without delay as instructed by you as Data Controller.
Right to object
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data where we can demonstrate lawful grounds for doing so. We will act on any request without delay as instructed by you as Data Controller.
Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches of date to the Information Commissioner’s Office (ICO).
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide the user with a tailored experience when navigating the website. Session Cookies may be used to validate your access to different parts of the website.
Third Party Cookies
Cookies may be placed on your computer or device by third parties, which are outside of the control of Stansfield Sports Injury Clinic Ltd. You should refer to the Privacy and Cookie Policies of any social media and/or channel used to link to our Website.
Guidelines for for the processing and handling of data is available from the Information Commissioner’s Office, the UK supervisory authority on data protection, see ico.org.uk.
Information is also available at www.ec.europa.eu/ipg/basics/legal/Cookies/index_en.html.
Questions and queries
If you have any concerns about how we handle data, you can contact the Data Controller by writing to us at our address for services and communications, which is Stansfield Sports Injury Clinic, 22 Chorley New Road, Bolton, BL1 4AP. Our contact telephone number is 01204 770308 or our email contact is firstname.lastname@example.org.
Changes to this policy
We reserve the right to amend this Statement at any time to meet the requirements of the GDPR and our role as a data processor. Any significant changes will be mutually agreed.
If you have a complaint about the use of data by us, you can email us at email@example.com. Alternatively, you can formally report an issue of concern to the Information Commissioner’s Office, the UK body that governs Data Protection. See https://ico.org.uk
Third Party Rights
Jurisdiction and Governing Law